Ean,
I don't know what the original intention of the forum security scheme was. I posted an RFC a few
days ago about forum permissions:
http://mail-archives.apache.org/mod_mbox/ofbiz-dev/200708.mbox/[EMAIL PROTECTED]
I would like to see the forum permissions evolve into something like this:
Super User (admin)
----------
Create/update/delete Forum Groups, Forums, Forum Threads, Forum Messages
Create/delete Forum Group/Forum members (users and moderators)
User
----
Initially granted view permissions only
Granted Threads/Messages Create permissions when subscribed to a forum (a forum
member)
Moderator
---------
Same permisssions as user
Permission to promote a user to a moderator
Granted Forum/Thread/Message delete permissions by Super User or another
Moderator
Granted permission to Ban forum members
Do you think "normal human beings" could manage that permission system?
-Adrian
Ean Schuessler wrote:
On Thursday 23 August 2007 12:41:40 pm Al Byers wrote:
Yes, the ownerContentId is strictly for security. Andrew did some clean up
and addition of service-based permission granting code, so make sure you
see those.
I looked at that permission code and it does seem flexible, but I have grave
concerns about normal humans being able to configure it successfully. Do you
see those permissions typically being set-up by an expert admin?
